Intego Warns of Fake Flash Update that Installs Scareware

Security software company Intego is warning of a malware disguised as a (fake) Flash installer that actually installs scareware and other malware on your Mac. The malware isn't exploiting any security holes in OS X, but instead does a semi-credible job of looking like an Adobe Flash update to socially engineer users into permitting the installation.

To make matters worse, the malware is digitally signed with a valid Apple developer certificate. Intego says that certificate was issued to a "Maksim Noskov." According to Johannes Ullrich, Ph.D., of the SANS Institute's Internet Storm Center, the security researcher who first spotted the malware, Apple has since revoked that certificate.

Mr. Ullrich posted a video of the malware that he installs on a fresh system so we can see what it does: